Fixed in 1.4.22 for JIRA 5.0 – 6.2
Critical fixes in this release
- System Security: fixed Cross-Site-Scripting (XSS) vulnerability found in JFS (JFSSUP-138)
- Field Security: added support for JIRA Mobile plugin (JIRA 6.0 and later)
- Field Security: fixed Hidden fields visible for users when using "jump to field" function in JIRA (JFSSUP-130, JIRA 6.0 and later)
Other fixes and improvements
- Fixed: User Custom Field rule not working with exception: "com.atlassian.jira.user.DelegatingApplicationUser cannot be cast to com.atlassian.crowd.embedded.api.User" (JIRA 6.0 and later)
- Compatibility with JIRA Charting plugin (JIRA 6.0 and later)
- Performance improvements (JIRA 6.0 and later)